Ensure we don't buffer GSSAPI-encrypted data

This commit should probably be squashed before merging, but until we know that it fixes the issue I'd prefer it separate. Apologies for the inconvenience.
frozencemetery · Mar 4, 2016 · 82c8922 · 82c8922
1 parent e5d42ac
commit 82c8922
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 40 deletions.
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
@@ -111,6 +111,20 @@ pg_GSS_continue(PGconn *conn)
 	if (maj_stat == GSS_S_COMPLETE)
 		gss_release_name(&lmin_s, &conn->gtarg_nam);
 
+	if (pg_GSS_should_crypto(conn) && conn->inEnd != conn->inStart)
+	{
+		/*
+		 * If we've any data from the server buffered, it's encrypted and we
+		 * need to decrypt it.  Pass it back down a layer to decrypt.
+		 *
+		 * At this point in time, conn->inStart and conn->inCursor match.
+		 */
+		appendBinaryPQExpBuffer(&conn->gwritebuf,
+								conn->inBuffer + conn->inStart,
+								conn->inEnd - conn->inStart);
+		conn->inEnd = conn->inStart;
+	}
+
 	return STATUS_OK;
 }
 

diff --git a/src/interfaces/libpq/fe-gssapi-common.c b/src/interfaces/libpq/fe-gssapi-common.c
@@ -61,3 +61,43 @@ pg_GSS_error(const char *mprefix, PGconn *conn,
 	/* Add the minor codes as well */
 	pg_GSS_error_int(&conn->errorMessage, mprefix, min_stat, GSS_C_MECH_CODE);
 }
+
+/*
+ * Only consider encryption when GSS context is complete
+ */
+ssize_t
+pg_GSS_should_crypto(PGconn *conn)
+{
+	OM_uint32 major, minor;
+	int open = 1;
+
+	if (conn->gctx == GSS_C_NO_CONTEXT)
+		return 0;
+	else if (conn->gencrypt)
+		return 1;
+
+	major = gss_inquire_context(&minor, conn->gctx,
+								NULL, NULL, NULL, NULL, NULL, NULL,
+								&open);
+	if (major == GSS_S_NO_CONTEXT)
+	{
+		/*
+         * In MIT krb5 < 1.14, it was not possible to call gss_inquire_context
+         * on an incomplete context.  This was a violation of rfc2744 and has
+         * been corrected in https://github.com/krb5/krb5/pull/285
+         */
+		return 0;
+	}
+	else if (GSS_ERROR(major))
+	{
+		pg_GSS_error(libpq_gettext("GSSAPI context state error"), conn,
+					 major, minor);
+		return -1;
+	}
+	else if (open != 0)
+	{
+		conn->gencrypt = true;
+		return 1;
+	}
+	return 0;
+}
diff --git a/src/interfaces/libpq/fe-gssapi-common.h b/src/interfaces/libpq/fe-gssapi-common.h
@@ -17,5 +17,6 @@
 
 void pg_GSS_error(const char *mprefix, PGconn *conn,
 				  OM_uint32 maj_stat, OM_uint32 min_stat);
+ssize_t pg_GSS_should_crypto(PGconn *conn);
 
 #endif /* FE_GSSAPI_COMMON_H */
diff --git a/src/interfaces/libpq/fe-secure-gssapi.c b/src/interfaces/libpq/fe-secure-gssapi.c
@@ -17,46 +17,6 @@
 #include "libpq-int.h"
 #include "fe-gssapi-common.h"
 
-/*
- * Only consider encryption when GSS context is complete
- */
-static ssize_t
-pg_GSS_should_crypto(PGconn *conn)
-{
-	OM_uint32 major, minor;
-	int open = 1;
-
-	if (conn->gctx == GSS_C_NO_CONTEXT)
-		return 0;
-	else if (conn->gencrypt)
-		return 1;
-
-	major = gss_inquire_context(&minor, conn->gctx,
-								NULL, NULL, NULL, NULL, NULL, NULL,
-								&open);
-	if (major == GSS_S_NO_CONTEXT)
-	{
-		/*
-         * In MIT krb5 < 1.14, it was not possible to call gss_inquire_context
-         * on an incomplete context.  This was a violation of rfc2744 and has
-         * been corrected in https://github.com/krb5/krb5/pull/285
-         */
-		return 0;
-	}
-	else if (GSS_ERROR(major))
-	{
-		pg_GSS_error(libpq_gettext("GSSAPI context state error"), conn,
-					 major, minor);
-		return -1;
-	}
-	else if (open != 0)
-	{
-		conn->gencrypt = true;
-		return 1;
-	}
-	return 0;
-}
-
 ssize_t
 pg_GSS_write(PGconn *conn, void *ptr, size_t len)
 {